Accepting request 1198406 from Publishing

OBS-URL: https://build.opensuse.org/request/show/1198406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/htmldoc?expand=0&rev=35

htmldoc-CVE-2024-45508.patch

@@ -0,0 +1,13 @@
+Index: htmldoc-1.9.18/htmldoc/ps-pdf.cxx
+===================================================================
+--- htmldoc-1.9.18.orig/htmldoc/ps-pdf.cxx
++++ htmldoc-1.9.18/htmldoc/ps-pdf.cxx
+@@ -5234,7 +5234,7 @@ parse_paragraph(tree_t *t,	/* I - Tree t
+       if (temp->markup != MARKUP_A)
+         break;
+ 
+-    if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ')
++    if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ' && temp->data[1])
+     {
+       // Drop leading space...
+       for (dataptr = temp->data; *dataptr; dataptr ++)

htmldoc.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Sep  2 12:48:22 UTC 2024 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
+  + htmldoc-CVE-2024-45508.patch
+
 -------------------------------------------------------------------
 Thu Feb 15 08:06:02 UTC 2024 - pgajdos@suse.com
 

htmldoc.spec

@@ -24,6 +24,8 @@ License:        LGPL-2.1-or-later
 Group:          Productivity/Publishing/HTML/Tools
 URL:            https://michaelrsweet.github.io/htmldoc/index.html
 Source:         https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
+# CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
+Patch0:          htmldoc-CVE-2024-45508.patch
 BuildRequires:  cups-devel
 BuildRequires:  fltk-devel
 BuildRequires:  gcc-c++